Red Hat Developer Hub 1.7

Orchestrator in Red Hat Developer Hub

Orchestrator enables serverless workflows for cloud migration, onboarding, and customization in Red Hat Developer Hub

Red Hat Customer Content Services

Abstract

As an administrator, you can use Orchestrator to enable serverless workflows in Red Hat Developer Hub to support cloud migration, developer onboarding, and custom workflows.

1. About Orchestrator in Red Hat Developer Hub

You can streamline and automate your work by using the Orchestrator in Red Hat Developer Hub. It enables you to:

  • Design, run, and monitor workflows to simplify multi-step processes across applications and services.
  • Standardize onboarding, migration, and integration workflows to reduce manual effort and improve consistency.
  • Extend RHDH with enterprise-grade Orchestration features to support collaboration and scalability.
Note

Orchestrator currently supports only Red Hat OpenShift Container Platform (OpenShift Container Platform); it is not available on Microsoft Azure Kubernetes Service (AKS), Amazon Elastic Kubernetes Service (EKS), or Google Kubernetes Engine (GKE).

To start using Orchestrator in RHDH, you must:

  • Install the required infrastructure components, such as Red Hat OpenShift Serverless Operator, Knative Serving, Knative Eventing, and OpenShift Serverless Logic Operator
  • Configure your Backstage custom resource (CR) or Helm values file for Orchestrator
  • Import the Orchestrator software templates into the Red Hat Developer Hub catalog

1.1. Supported architecture for Orchestrator

You can use Orchestrator to design, run, and monitor workflows that automate key tasks. It builds on components like SonataFlow and OpenShift Serverless, which provide the runtime environment and event-driven capabilities needed to power your workflows.

To help you get started quickly, the following Orchestrator plugin components are included but disabled by default in the dynamic-plugins.default.yaml file:

  • "backstage-plugin-orchestrator"
  • "backstage-plugin-orchestrator-backend-dynamic"
  • "backstage-plugin-scaffolder-backend-module-orchestrator-dynamic"
  • "backstage-plugin-orchestrator-form-widgets"

To enable these plugins, set the plugins.disabled parameter to false.

1.2. Orchestrator plugin dependencies for Operator installation

When you enable the Orchestrator plugin in your Backstage custom resource (CR), the Operator automatically provisions the following required dependencies:

  • A SonataflowPlatform CR
  • NetworkPolicies that allow traffic between infrastructure resources (Knative, Serverless Logic Operator), monitoring traffic, and intra-namespace traffic

The Orchestrator plugin requires these components to run. For example, to communicate with the SonataFlow platform, the Orchestrator plugin uses the sonataflow-platform-data-index-service, which is created by the SonataFlowPlatform CR.

Important

The SonataFlowPlatform CR contains Data Index service that requires PostgreSQL database as shown in the following example: 

      persistence:
        postgresql:
          secretRef:
            name: backstage-psql-secret-{{backstage-name}}
            userKey: POSTGRES_USER
            passwordKey: POSTGRES_PASSWORD
          serviceRef:
            name: backstage-psql-{{backstage-name}} # # Namespace where the Backstage CR is created
            namespace: {{backstage-ns}} # Namespace where the Backstage (CR) is created
            databaseName: backstage_plugin_orchestrator

By default, the Orchestrator plugin dependencies use the following:

  • The PostgreSQL database named backstage_plugin_orchestrator created by Backstage
  • A Secret created by Backstage Operator for the PostgreSQL with POSTGRES_USER and POSTGRES_PASSWORD keys as the database credentials in the Backstage CR namespace.
  • A Service created by Backstage Operator for the PostgreSQL database with the name backstage-psql-{{backstage-name}} in the Backstage CR namespace.

For more information about automatic plugin dependency creation when the Backstage CR is applied to the cluster, see Dynamic plugins dependency management.

Note

To enable the Backstage Operator to work with the SonataFlow platform, its ServiceAccount must have the appropriate permissions.

The Operator automatically creates the required Role and RoleBinding resource in profile/rhdh/plugin-rbac directory.

1.3. Orchestrator plugin components on OpenShift Container Platform

To run the Orchestrator plugin successfully on OpenShift Container Platform, you must first install the following required components:

  • Red Hat Developer Hub (RHDH) Backstage
  • OpenShift Serverless Logic Operator

  • OpenShift Serverless Operator

    • Knative Serving
    • Knative Eventing
  • (Optional) For managing the Orchestrator project, you need a preinstalled instance of Argo CD or Red Hat OpenShift GitOps in the cluster. It is disabled by default.
  • (Optional) To use Tekton tasks and the build pipeline, you need a preinstalled instance of Tekton or Red Hat OpenShift Pipelines in the cluster. These features are disabled by default.

The most recommended approach to install the dependencies for the Orchestrator plugin is by enabling the dependencies for the Orchestrator plugin directly during your RHDH installation. When you configure RHDH to include the Orchestrator plugin, the RHDH Operator installs the necessary OpenShift Serverless operators, eliminating the need for separate scripts or Helm charts.

For specific use cases, you can choose to install the dependencies manually or use helper utilities.

1.3.1. Installing components using the Orchestrator Infrastructure for Red Hat Developer Hub Helm chart

You can use Orchestrator Infrastructure for Red Hat Developer Hub to install components for the Orchestrator plugins.

Procedure

  1. Run the helm install command for the orchestrator-infra chart. This command initiates the installation of the Red Hat Serverless Operator and Red Hat Serverless Logic Operator components.
  2. Manually approve the install plans for the Operators. You must run the oc patch installplan commands provided in the output to approve their installation.
Important

By default, Orchestrator Infrastructure for Red Hat Developer Hub Helm chart does not auto-approve the required Serverless Operators. You must manually approve the install plans.

1.3.2. Installing Orchestrator components manually on OpenShift Container Platform

Use manual installation when you want full control of the setup process and component versions. Manual installation method focuses on setting up the underlying infrastructure.

Procedure

  1. Install the OpenShift Serverless components manually by following the instructions in the Red Hat OpenShift Serverless documentation.
  2. You must also configure workflow persistence to prevent workflow context from being lost when the Pod restarts. You can do this configuration at the namespace level using the SonataFlowPlatform or SonataFlow custom resources (CR). For detailed instructions on configuring persistence using the SonataFlowPlatform or SonataFlow custom resources, see Managing workflow persistence.
  3. (Optional) If required, deploy a custom PostgreSQL database.

1.3.3. Installing components using the RHDH helper script

You can use the RHDH helper script plugin-infra.sh to quickly install the OpenShift Serverless infrastructure and Openshift Serverless Logic infrastructure required by the Orchestrator plugin.

Warning

Do not use plugin-infra.sh in production.

Procedure

  1. Download the plugin-infra.sh script as shown in the following example: 

    curl -sSLO https://raw.githubusercontent.com/redhat-developer/rhdh-operator/refs/heads/release-${PRODUCT_VERSION}/config/profile/rhdh/plugin-infra/plugin-infra.sh # Specify the Red Hat Developer Hub version in the URL or use main

  2. Run the script: 

    $ ./plugin-infra.sh

2. Installing Red Hat Developer Hub with Orchestrator

To install Red Hat Developer Hub, use one of the following methods:

  • The Red Hat Developer Hub Operator
  • The Red Hat Developer Hub Helm chart

2.1. Enabling the Orchestrator plugin using Operator

You can enable the Orchestrator plugin in RHDH by configuring dynamic plugins in your Backstage custom resource (CR).

Prerequisites

  • You have installed RHDH on OpenShift Container Platform.
  • You have access to edit or create ConfigMaps in the namespace where the Backstage CR is deployed.

Procedure

  1. To enable the Orchestrator plugin with default settings, set disabled: false for the package. For example, package: "@redhat/backstage-plugin-orchestrator@<plugin_version> is set to disabled: false: 

    - package: "@redhat/backstage-plugin-orchestrator@<plugin_version>"
  disabled: false

    Example: Complete configuration of the Orchestrator plugin

    apiVersion: v1
kind: ConfigMap
metadata:
  name: orchestrator-plugin
data:
    dynamic-plugins.yaml: |
      includes:
        - dynamic-plugins.default.yaml
      plugins:
        - package: "@redhat/backstage-plugin-orchestrator@1.7.1"
          disabled: false
          pluginConfig:
            dynamicPlugins:
                frontend:
                  red-hat-developer-hub.backstage-plugin-orchestrator:
                    appIcons:
                      - importName: OrchestratorIcon
                        name: orchestratorIcon
                    dynamicRoutes:
                      - importName: OrchestratorPage
                        menuItem:
                          icon: orchestratorIcon
                          text: Orchestrator
                        path: /orchestrator
                    entityTabs:
                      - path: /workflows
                        title: Workflows
                        mountPoint: entity.page.workflows
                    mountPoints:
                      - mountPoint: entity.page.workflows/cards
                      importName: OrchestratorCatalogTab
                      config:
                        layout:
                          gridColumn: '1 / -1'
                          if:
                            anyOf:
                              - IsOrchestratorCatalogTabAvailable
        - package: "@redhat/backstage-plugin-orchestrator-backend-dynamic@1.7.1"
          disabled: false
          pluginConfig:
            orchestrator:
              dataIndexService:
                url: http://sonataflow-platform-data-index-service
          dependencies:
            - ref: sonataflow
        - package: "@redhat/backstage-plugin-scaffolder-backend-module-orchestrator-dynamic@1.7.1"
          disabled: false
          pluginConfig:
            orchestrator:
              dataIndexService:
                url: http://sonataflow-platform-data-index-service
        - package: "@redhat/backstage-plugin-orchestrator-form-widgets@1.7.1"
          disabled: false
          pluginConfig:
            dynamicPlugins:
              frontend:
                red-hat-developer-hub.backstage-plugin-orchestrator-form-widgets: { }
---
apiVersion: rhdh.redhat.com/v1alpha3
kind: Backstage
metadata:
  name: orchestrator
spec:
  application:
    appConfig:
      configMaps:
        - name: app-config-rhdh
    dynamicPluginsConfigMapName: orchestrator-plugin

  2. Create a secret containing the BACKEND_SECRET value as shown in the following example: 

    apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-rhdh
data:
  app-config-rhdh.yaml: |-
    auth:
      environment: development
      providers:
        guest:
          # using the guest user to query the '/api/dynamic-plugins-info/loaded-plugins' endpoint.
          dangerouslyAllowOutsideDevelopment: true
    backend:
      auth:
        externalAccess:
          - type: static
            options:
              token: ${BACKEND_SECRET}
              subject: orchestrator
---
apiVersion: v1
kind: Secret
metadata:
  name: backend-auth-secret
stringData:
  # generated with the command below (from https://backstage.io/docs/auth/service-to-service-auth/#setup):
  # node -p 'require("crypto").randomBytes(24).toString("base64")'
  # notsecret
  BACKEND_SECRET: "R2FxRVNrcmwzYzhhN3l0V1VRcnQ3L1pLT09WaVhDNUEK"

  3. Configure your Backstage CR to update the secret name in the extraEnvs field as shown in the following example: 

    apiVersion: rhdh.redhat.com/v1alpha4
kind: Backstage
metadata:
  name: orchestrator
spec:
  application:
    appConfig:
      configMaps:
        - name: app-config-rhdh
    dynamicPluginsConfigMapName: orchestrator-plugin
    extraEnvs:
      secrets:
          # secret that contains the BACKEND_SECRET key
        - name: backend-auth-secret

Verification

  • In the RHDH console, confirm that the Orchestrator frontend and backend features are available.

2.2. Installing Red Hat Developer Hub (RHDH) on OpenShift Container Platform with the Orchestrator using the Helm CLI

You can install Red Hat Developer Hub (RHDH) on OpenShift Container Platform with the Orchestrator by using the Helm CLI. The installation automatically enables the required dynamic plugins and integrates workflow infrastructure.

Prerequisites

  • You are logged in as an administrator and have access to the Red Hat Developer Hub Helm chart repository.

  • You can install the necessary infrastructures resources, such as SonataFlow, alongside RHDH in the same namespace.

    This is a one-off requirement and must be completed before enabling the Orchestrator plugin.

Procedure

  1. As an administrator, install relevant cluster-wide resources. 

    helm repo add openshift-helm-charts https://charts.openshift.io/
helm install <release_name> openshift-helm-charts/redhat-developer-hub-orchestrator-infra
    Important

    You must be an administrator to install the redhat-developer-hub-orchestrator-infra Helm chart because it deploys additional cluster-scoped OpenShift Serverless and OpenShift Serverless Logic Operators. As an administrator, you must manually approve the install plans for OpenShift Serverless and Serverless Logic Operators.

  2. Install the Backstage chart with the orchestrator enabled as shown in the following example: 

    $ helm install <release_name> openshift-helm-charts/redhat-developer-hub --version 1.7.1 \
  --set orchestrator.enabled=true

  3. (Optional) Enable Notifications and Signals plugins by adding them to the global.dynamic.plugins list in your values.yaml file as shown in the following example: 

    global:
  dynamic:
    plugins:
      - disabled: false
        package: "./dynamic-plugins/dist/backstage-plugin-notifications"
      - disabled: false
        package: "./dynamic-plugins/dist/backstage-plugin-signals"
      - disabled: false
        package: "./dynamic-plugins/dist/backstage-plugin-notifications-backend-dynamic"
      - disabled: false
        package: "./dynamic-plugins/dist/backstage-plugin-signals-backend-dynamic"

  4. (Optional) You can disable the Serverless Logic and Serverless Operators individually or together by setting their values to false, as shown in the following example: 

    helm install <release_name> openshift-helm-charts/redhat-developer-hub \
  --version 1.7.1 \
  --set orchestrator.enabled=true \
  --set orchestrator.serverlessOperator=false \
  --set orchestrator.serverlessLogicOperator=false

  5. (Optional) If you are using an external database, add the following configuration under orchestrator.sonataflowPlatform in your values.yaml file: 

    orchestrator:
  sonataflowPlatform:
    externalDBsecretRef: "<cred-secret>"
    externalDBName: "<database_name>" # The name of the user-configured existing database (Not the database that the orchestrator and sonataflow resources use).
    externalDBHost: "<database_host>"
    externalDBPort: "<database_port>"
    Note

    This step only configures the Orchestrators use of an external database. To configure Red Hat Developer Hub to use an external PostgreSQL instance, follow the steps in Configuring a PostgreSQL instance using Helm.

Verification

  1. Verify that the Orchestrator plugin is visible in the Red Hat Developer Hub UI.
  2. Create and run sample workflows to confirm the orchestration is functioning correctly.

2.3. Install Red Hat Developer Hub (RHDH) using Helm from the OpenShift Container Platform web console

You can install Red Hat Developer Hub (RHDH) with the Orchestrator by using the (OpenShift Container Platform) web console. This method is useful if you prefer a graphical interface or want to deploy cluster-wide resources without using the Helm CLI.

Prerequisites

  • You are logged in to the OpenShift Container Platform web console as an administrator.
  • You have access to the Red Hat Developer Hub Helm chart repository.
  • Your cluster has internet access or the Helm charts are mirrored in a disconnected environment.

Procedure

  1. In the OpenShift Container Platform web console, go to the Helm Charts and verify that the Red Hat Developer Hub Helm chart repository is available.

  2. Search for the Orchestrator infrastructure for Red Hat Developer Hub and select Install.

    Important

    You must be an administrator to install the Orchestrator Infrastructure for Red Hat Developer Hub Helm chart because it deploys cluster-scoped resources. As an administrator, you must manually approve the install plans for OpenShift Serverless and Serverless Logic Operators.

    As a regular user, search for the Red Hat Developer Hub chart and install it by setting the value of orchestrator.enabled to true. Otherwise, the Orchestrator will not be deployed.

  3. Wait until they are successfully deployed.
  4. Monitor the deployment status by navigating to Pods or releases.

Verification

After deployment completes:

  • The orchestrator-related pods are running in the selected namespace.
  • Cluster-wide resources are present.
  • You can start connecting the orchestrator to your Red Hat Developer Hub UI.

2.4. Resource limits for installing Red Hat Developer Hub with the Orchestrator plugin when using Helm

When installing Red Hat Developer Hub (RHDH) with the Orchestrator plugin using Helm, the chart defines default CPU and memory limits for the SonataFlowPlatform component.

These limits are enforced by the cluster so that pods do not exceed their allocated resources.

  1. Default resource limits
ResourceDefault value

CPU limits

500m

Memory limits

1Gi

  1. You can override these values in any of the following ways:

    • With values.yaml
    • With --set flags

  2. Override defaults with values.yaml as shown in the following example: 

    orchestrator:
  enabled: true
  sonataflowPlatform:
  resources:
      limits:
        cpu: "500m"
        memory: "1Gi"

  3. Override with --set as shown in the following example: 

    helm upgrade --install <release_name>  openshift-helm-charts/redhat-developer-hub \
  --set orchestrator.enabled=true \
  --set orchestrator.sonataflowPlatform.resources.requests.cpu=500m \
  --set orchestrator.sonataflowPlatform.resources.requests.memory=128Mi \
  --set orchestrator.sonataflowPlatform.resources.limits.cpu=1 \
  --set orchestrator.sonataflowPlatform.resources.limits.memory=2Gi
    Note

    The --set setting is applicable only when orchestrator.enabled is true. By default, it is set to false.

Legal Notice

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.